Privacypolicy SURFfilesender

Snel, veilig en gemakkelijk grote bestanden versturen en ontvangen

De privacypolicy bij het gebruik van de dienst SURFfilesender is alleen in het Engels beschikbaar.

This page is part of the SURFfilesender service. This page is about the privacy policy of SURFnet.

Privacy Policy - version: October 15, 2013 

Personal data

SURFnet takes your trust and privacy very seriously and therefore aims to process as little personal data as necessary. You therefore have to sign in via SURFconext: this ensures we don’t receive your password: verification of your password is handled by your own institution. 

To enable you to use our service, SURFnet needs to process some data that is personal. SURFfilesender requires authentication by a research and education SURF participant, and requires that the participant identity provider (IdP) provide EduPersonPrincipleName (EPPN) and e-mail address attributes. SURFfilesender keeps a permanent log of those attributes, your IP-address, the date and time of the upload, and the filename(s) that were uploaded to the SURFfilesender service, as well the e-mail address of the recipient(s) who were notified of the file(s) availability. The log also tracks every time someone downloads the file using the coded URL that is created when the file is stored. This information is kept even after the actual file contents are deleted. The online log will be deleted from the database of SURFfilesender per two months and stored at another location. 

SURFnet reserves the right to look at the log in order to maintain the system and to monitor abuse. SURFnet monitors whether a given file is being downloaded an inordinately large number of times, or if the volume of retrieval requests to a specific file consumes sufficient bandwidth to significantly degrade the service to other users. In such cases, SURFnet may take actions, including examining the contents of the file to see whether such a complaint is meritorious, notifying the person who stored the file of the problem, and/or appropriate local or federal authorities, as appropriate to the specific conditions and as dictated by law or regulations, up to and including deletion of the file if such abuse is causing significant degradation in system performance. 

The institution you’re working for might want detailed information about the usage of the service: since they pay for the service, we will supply them reports detailing usage. Other than that, we will not provide the identifiable and/or personal information to any organization. SURFnet will delete the data as soon as all reporting requests from institutions are met and the data are not relevant anymore for delivering the service. 

The file itself is stored on SURFnet’s servers for the period you choose when sending the file, whereafter it is automatically deleted. 

SURFnet does not sell or otherwise distribute your personal data to affiliate or third parties and will not send you newsletters or use your personal data for any other purposes then stated above. To evaluate the use of our website and service as well as for statistical purposes, only anonymised data shall be used.

We try to use as few cookies as possible; if we use any, it is either because it is necessary to provide the service or to ease usage of the service: we will not use the information otherwise or sell or provide it to others. 


SURFnet takes appropriate technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. When contracting providers that are needed to supply the service, SURFnet has the providers sign for the fact personal information will only be processed in countries where the European data protection rules are applicable. 

SURFnet is unable to determine whether the service supplies enough security for your situation/goal (when exchanging sensitive information, you might want to add your own layer of encryption, for example). Please see the FAQ and consider whether the service is secure enough, or whether you need to take additional measures. 


If you have questions about the way SURFnet processes your personal data or the personal information SURFnet stores about you, please contact SURFnet by sending an e-mail with your question (English or Dutch) to William van Santen. See the contact details at the bottom of the page.

Laatste wijziging op 08 dec 2017